Contracts & Harnesses for non_null::new and non_null::new_unchecked #88
Conversation
Nice work! A few comments.
@zhassan-aws if everything else looks good I will squash the commits.
Thanks!
No need to. We squash on merge.
@zhassan-aws Thank you! Do we need another reviewer for approval to merge?
Yes.
I think it would be great to have harnesses that cover all possible values of the raw pointer. Something like:

```rust
let ptr = kani::any::<usize>() as *mut i32;
let _ = NonNull::new_unchecked(ptr);
```

Note that we cannot use the same strategy for functions where we need to ensure pointer validity.
Awesome! Thanks.
…d` (model-checking#88)

Towards model-checking#53

### Changes
- added contract and harness for `non_null::new`
- added contract and harness for `non_null::new_unchecked`

The difference between the two APIs is that `non_null::new` can handle null pointers while `non_null::new_unchecked` does not. Therefore the contract for `non_null::new` does not require a `nonnull` pointer.

### Re-validation
To re-validate the verification results, run `kani verify-std -Z unstable-options "path/to/library" -Z function-contracts -Z mem-predicates --harness ptr::non_null::verify::non_null_check_new`. This will run both harnesses. All default checks should pass.

---------
Co-authored-by: OwO <[email protected]>
Co-authored-by: Zyad Hassan <[email protected]>
Towards #53

### Changes
- `non_null::new`
- `non_null::new_unchecked`

The difference between the two APIs is that `non_null::new` can handle null pointers while `non_null::new_unchecked` does not. Therefore the contract for `non_null::new` does not require a nonnull pointer.

### Revalidation
To revalidate the verification results, run `kani verify-std -Z unstable-options "path/to/library" -Z function-contracts -Z mem-predicates --harness ptr::non_null::verify::non_null_check_new`. This will run both harnesses. All default checks should pass:
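As an added illustration (not the PR's own code) of the contract this PR describes and of the all-values harness suggested in review: `new_unchecked` carries the precondition that the pointer is non-null, `new` needs none because it returns `None` for null, and a `#[cfg(kani)]` module holds Kani harnesses that range over every `usize` address. The helper names, the harness names and the use of plain `#[kani::proof]` are assumptions, not the repository's code.

```rust
use std::ptr::NonNull;

/// Precondition the contract for `NonNull::new_unchecked` imposes on callers.
/// `NonNull::new` has no such requirement.
fn new_unchecked_precondition<T>(ptr: *mut T) -> bool {
    !ptr.is_null()
}

/// Postcondition for `NonNull::new`: `Some` exactly when the pointer is
/// non-null, and the wrapped pointer is the one that was passed in.
fn check_new_contract(addr: usize) -> bool {
    let ptr = addr as *mut i32;
    match NonNull::new(ptr) {
        Some(nn) => !ptr.is_null() && nn.as_ptr() == ptr,
        None => ptr.is_null(),
    }
}

/// Contract for `NonNull::new_unchecked`: reports a violation (false) when the
/// precondition fails instead of calling into UB; otherwise the wrapped pointer
/// must equal the input. Nothing is ever dereferenced.
fn check_new_unchecked_contract(addr: usize) -> bool {
    let ptr = addr as *mut i32;
    if !new_unchecked_precondition(ptr) {
        return false;
    }
    // SAFETY: the pointer is non-null (checked above) and is never dereferenced.
    let nn = unsafe { NonNull::new_unchecked(ptr) };
    nn.as_ptr() == ptr
}

// Kani harnesses over every possible address (assumed names; compiled out
// under plain rustc so the file also builds and runs as an ordinary program).
#[cfg(kani)]
mod verify {
    use super::*;
    #[kani::proof]
    fn non_null_check_new() {
        let addr: usize = kani::any();
        assert!(check_new_contract(addr));
    }
    #[kani::proof]
    fn non_null_check_new_unchecked() {
        let addr: usize = kani::any();
        kani::assume(addr != 0); // discharge the contract's precondition
        assert!(check_new_unchecked_contract(addr));
    }
}

fn main() {
    for addr in [0usize, 0x1000, usize::MAX] {
        println!("addr {addr:#x}: new ok={}, new_unchecked ok={}",
                 check_new_contract(addr), check_new_unchecked_contract(addr));
    }
}
```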